
466 points CoolCold | 2 comments
airocker ◴[] No.40215819[source]
I have seldom come across Unix multiuser environments getting used anymore for servers. It's generally just one user on one physical machine nowadays. I understand run0's promise is still useful, but I would really like to see the whole Unix permission system simplified for just one user who has sudo access.
replies(17): >>40215898 #>>40216049 #>>40216052 #>>40216221 #>>40216591 #>>40216746 #>>40216794 #>>40216847 #>>40217413 #>>40217462 #>>40218411 #>>40219644 #>>40219888 #>>40220264 #>>40221109 #>>40223012 #>>40225619 #
blablabla123 ◴[] No.40223012[source]
Yeah, but elevated permissions may be needed from time to time anyway, either on the client, the bare-metal server or the container. Running everything as root is not recommended, even for containers. Considering how popular these have become, it's a bit of an irony that systemd isn't available on the container without considerable detours.
replies(1): >>40226007 #
1. airocker ◴[] No.40226007[source]
One user with sudo for sysadmins on bare metal and sudo access without CAP_SYSADMIN on the container should be good.
replies(1): >>40234393 #
2. blablabla123 ◴[] No.40234393[source]
I like seeing qmail as a blueprint for how a secure app that needs elevated permissions should be designed; in fact, it has 7 users.